Xiao Wei

**Name of the Vulnerable Software and Affected Versions** QEMU versions prior to 5.2.0 **Description** The issue is related to an out-of-bounds read/write access flaw in the USB emulator of QEMU. This flaw occurs while processing USB packets from a guest when the `setup len` exceeds the `data buf[4096]` in the `do token in` and `do token out` routines. Exploitation of this issue may allow an attacker to crash the QEMU process, resulting in a denial of service, or potentially execute arbitrary code with the privileges of the QEMU process on the host. **Recommendations** For QEMU versions prior to 5.2.0, update to version 5.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the USB emulator to minimize the risk of exploitation.